Let’s Encrypt, the popular SSL certificate authority, is about to stop sending emails for expiring certificates. If you have a server using Let’s Encrypt, you’ll need to use automations to keep up with certificate renewals, or set up an alternative monitoring service.
Let’s Encrypt provides free SSL certificates for web hosts and servers, allowing pages and other content to be served over secure HTTPS. It’s a popular solution for everything from major publishers to DIY homelabs, including this very website. Let’s Encrypt has a command-line tool for setting up certificates on a server, but many hosting providers take care of that part for you.
Setting up a Let’s Encrypt certificate previously required an email address, which the service would use to send reminder emails (as seen below) about expiring certificates. Just like any other SSL certificates, they have to be renewed occasionally, or they stop working.
Let’s Encrypt announced in January that it was ending notification emails for certificate expirations, and the service is about to shut down: the final emails will be sent out on June 4, 2025. If you still need notifications for expiring certificates, Let’s Encrypt recommends Red Sift Certificates Lite and other services. Red Sift’s free monitoring supports up to 250 certificates, which should be more than enough for most people.
The blog post about the shutdown explains, “Providing expiration notifications adds complexity to our infrastructure, which takes time and attention to manage and increases the likelihood of mistakes being made. Over the long term, particularly as we add support for new service components, we need to manage overall complexity by phasing out system components that can no longer be justified.”
Let’s Encrypt also mentioned that “more and more of our subscribers have been able to put reliable automation into place for certificate renewal,” so the email notifications aren’t as important these days. It’s true that most servers and hosting providers that use Let’s Encrypt certificates have automatic renewal, but the expiry emails were still helpful whenever those automations failed for some reason.
Related
How Do LetsEncrypt’s Free HTTPS/SSL Certificates Work?
Let’s Encrypt issues SSL certificates for free, which are used to secure and encrypt traffic on your website, and give you the green padlock in the URL bar.
The blog post mentioned that collecting millions of email addresses is a privacy risk, and removing the email notification system means Let’s Encrypt won’t need to ask for email addresses. The service also costs “tens of thousands of dollars per year,” which Let’s Encrypt would rather spend on other infrastructure costs.
If you have a server using Let’s Encrypt certificates, now is a great time to check that you have a working automation setup to periodically renew your certificates. For example, if you’re using the official certbot command line tool, you could set up a cron job to run it daily or weekly for possible renewals. If you’re using a pre-configured Docker container or another similar setup, it might already run renewals on a fixed schedule.
Source: Let’s Encrypt
